NEOCODE

Application Security & Protection MCQs

APPLICATION SECURITY - VIRUS

1. What is a computer virus?

Correct Answer: b) A malicious software that replicates itself

Explanation:
A computer virus is malware that attaches itself to clean files and spreads by replicating while performing malicious actions like corrupting data or stealing information.

2. Which of the following is NOT a common type of virus?

Correct Answer: d) Antivirus

Explanation:
Antivirus is protective software, not a virus type. Common virus types include boot sector viruses (which infect the MBR), macro viruses (which infect documents), and file infectors.

3. How does a polymorphic virus evade detection?

Correct Answer: a) By changing its code structure

Explanation:
Polymorphic viruses mutate their code (using encryption or code rewriting) while maintaining the same functionality, making signature-based detection difficult.

4. What is a Trojan horse in cybersecurity?

Correct Answer: b) Malware disguised as legitimate software

Explanation:
Unlike viruses, Trojans don't self-replicate but trick users into installing them by appearing as useful software while creating backdoors or stealing data.

PROGRAM THREATS

5. Which of the following is a program threat?

Correct Answer: b) Logic bomb

Explanation:
A logic bomb is malicious code that executes when specific conditions are met (e.g., date, event). Other program threats include trapdoors, worms, and rootkits.

6. What is a trap door in software?

Correct Answer: a) A backdoor left by developers for unauthorized access

Explanation:
Trapdoors (or backdoors) are secret entry points often left for debugging but dangerous if discovered. They bypass normal authentication mechanisms.

7. Which program threat executes when specific conditions are met?

Correct Answer: b) Logic bomb

Explanation:
Logic bombs remain dormant until triggered by specific conditions (date/time, file deletion, etc.), then execute malicious payloads like data deletion.

8. What is the primary difference between a virus and a worm?

Correct Answer: b) A worm can self-replicate without a host program

Explanation:
Viruses require host files to spread, while worms are standalone malware that self-propagate through networks (e.g., WannaCry, Stuxnet).

GOALS OF PROTECTION

9. Which is NOT a goal of protection in cybersecurity?

Correct Answer: d) Redundancy

Explanation:
The CIA triad (Confidentiality, Integrity, Availability) defines core security goals. Redundancy is an implementation strategy, not a protection goal.

10. What does the principle of "integrity" ensure?

Correct Answer: b) Data is accurate and unaltered

Explanation:
Integrity ensures data isn't modified improperly (accidentally or maliciously). Techniques include hashing, digital signatures, and checksums.

11. Which goal ensures that systems are operational when needed?

Correct Answer: c) Availability

Explanation:
Availability protects against disruptions (DDoS attacks, hardware failures) through redundancy, backups, and disaster recovery plans.

PRINCIPLES OF PROTECTION

12. What is the principle of least privilege?

Correct Answer: a) Users should have minimal permissions necessary

Explanation:
Least privilege limits damage from compromised accounts by granting only the access needed for specific tasks (e.g., regular users shouldn't have admin rights).

13. Which principle ensures that a system remains secure even if one component fails?

Correct Answer: a) Fail-safe defaults

Explanation:
Fail-safe defaults means that if a system fails, it should default to a secure state (denying access rather than granting it). This is part of Saltzer and Schroeder's security design principles.

14. What does "complete mediation" refer to?

Correct Answer: a) All security checks must be performed every time access is requested

Explanation:
Complete mediation ensures that every access to every object is checked for authorization; systems shouldn't cache or remember previous access decisions.

15. Which principle suggests security mechanisms should be as simple as possible?

Correct Answer: a) Economy of mechanism

Explanation:
Economy of mechanism (also called simplicity) states that security designs should be small and simple enough to be verified and implemented correctly.

16. What does the "open design" principle mean?

Correct Answer: a) Security should not depend on secrecy of design

Explanation:
Open design means security should rely on the secrecy of keys or passwords rather than on keeping algorithms secret (Kerckhoffs's principle). This allows for public scrutiny of the design.